Skip to content
Toolradar
Checkmarx logo

Checkmarx

UnclaimedEditor reviewed

Application security testing platform

SecurityDeveloper ToolsTesting & QADevOps
Visit Website
Reviews onG2Capterra
65 reviews tracked

The Bottom Line

Entry price

Paid plans only

Biggest pro

Enterprise SAST

Biggest con

Very expensive

TL;DR - Checkmarx

  • Checkmarx is an enterprise application security testing platform for finding vulnerabilities in code
  • It provides SAST, SCA, and DAST scanning integrated into CI/CD pipelines
  • Custom enterprise pricing based on codebase size and scanning requirements
Pricing: Paid only
Best for: Enterprises & pros
4.2/5 across review platforms

What is Checkmarx?

Editorial review
Checkmarx scans code for security vulnerabilities throughout the development process. Static analysis finds issues in source code. Dependency scanning catches vulnerable packages. Everything integrates into CI/CD. The platform covers the full application security stack. Findings prioritize by risk. Developer tools make fixing issues part of the workflow. Enterprise development organizations with security requirements choose Checkmarx for comprehensive application security testing at scale.

Available on: Web

how we evaluateSourcecheckmarx.com

Pros & Cons

Pros

  • Enterprise SAST
  • Good vulnerability detection
  • CI/CD integration
  • Compliance support
  • Many languages

Cons

  • Very expensive
  • False positives
  • Learning curve
  • Complex setup
  • Slow scans

Ratings Across the Web

4.2(65 reviews)
G258 reviews
4.4/5
Capterra7 reviews
3.9/5

Ratings aggregated from independent review platforms. Learn more

Key Features

SASTSCAIASTAPI securityIaC scanningEnterprise

Pricing Plans

Free Trial

Pricing checked Jun 7, 2026

Essentials

null

Core AppSec

  • SAST
  • SCA
  • API Security
  • ASPM dashboard

Professional

null

Expanded coverage

  • All Essentials
  • DAST
  • Container Security
  • Malicious package protection

Enterprise

null

Complete solution

  • All Professional
  • IaC Security
  • Secrets Detection
  • Codebashing training
Calculate your costView full pricing

Reviews

Improve Your Thinking Patterns Using ChatGPT cover
$99Free with your review

Review Checkmarx, get a free AI guide

Share your experience and we will send you Improve Your Thinking Patterns Using ChatGPT, free.

Write a review
4.2/5

Across 65 verified user reviews on G2, Capterra

Add your hands-on experience using the offer above to help the next buyer.

Best Checkmarx Alternatives

Top alternatives based on features, pricing, and user needs.

Fortify logo
FortifyFreemium

Comprehensive application security testing for identifying and remediating vulnerabilities.

4.7
Snyk logo
SnykFreemium

Secure your code, dependencies, containers, and IaC from dev to production

4.5
Veracode logo
VeracodePaid

Application security testing platform

4.1
SonarQube logo
SonarQubeFreemium

Automated code review for bugs, vulnerabilities, and code smells

4.5
See all security tools

Still deciding?

Most buyers shortlist 2 or 3 tools before committing. Pull a side-by-side comparison or browse the full alternatives shortlist below.

Checkmarx vs FortifyHead-to-head: features, pricing, who winsCheckmarx vs SnykHead-to-head: features, pricing, who winsCheckmarx vs VeracodeHead-to-head: features, pricing, who wins

Explore More

Best Security ToolsBest Developer ToolsBest Testing & QA ToolsBest DevOps Tools

Checkmarx FAQ

How does Checkmarx help secure applications during development?

Checkmarx scans code for security vulnerabilities throughout the development process, using static analysis to find issues directly in source code. It also performs dependency scanning to identify vulnerable packages. This integration into CI/CD pipelines helps ensure security is addressed continuously.

Which teams benefit most from using Checkmarx?

Enterprise development organizations with stringent security requirements are the primary beneficiaries of Checkmarx. It provides comprehensive application security testing at scale, making it suitable for large teams needing robust security measures.

How does Checkmarx compare to Veracode?

Checkmarx, like Veracode, offers enterprise-grade static application security testing (SAST) and integrates into CI/CD pipelines. However, Checkmarx is noted for its extensive language support and strong vulnerability detection, while users report it can be more expensive and have a steeper learning curve.

What kind of trade-offs should users consider when adopting Checkmarx?

Users should be aware that Checkmarx can be very expensive and may involve a complex setup process. It also has a learning curve and can produce false positives, which might require additional effort to manage.

How is Checkmarx priced?

Checkmarx is offered as a paid product, designed for enterprise use. It does not include a permanently free tier for ongoing use.

Can Checkmarx integrate with existing development workflows?

Yes, Checkmarx is designed to integrate into CI/CD pipelines, making security testing a part of the continuous development process. It also provides developer tools to help incorporate fixing issues directly into the workflow.

Source: checkmarx.com

Guides & Articles

Best MCP Gateways & AI Agent Security Tools 2026

Expert guide

Best Deepfake Detection Tools 2026

Expert guide

Best AI Governance Tools 2026

Expert guide